Tag Archives: Security

All the best bits were highlighted in another session I went to. One of the main ones was the Microsoft 2016 Servers' ability to interact with TPM version 2.0. In a nutshell, this allows the ISP or cloud provider to point to the owner should our friends at the NSA or GCHQ want to look at the server. Microsoft has nicely sidestepped the issue of encryption. With TPM 2.0 enabled hardware, if you can’t talk to the certificate holder for that hardware, nothing is going to happen. You can bounce in and pick up the hard drive or the complete unit, but without the system being able to retrieve the certificate, the whole lot is grounded. Wiping out any of the drives will just provide an encrypted drive that you cannot read on any system that cannot talk to its security systems. Nicely done there, Microsoft. That should stop your friends in government putting you in an untenable position in terms of data security.

Dawson and I seem to think we were the only old plods left!

The young smiling face of youth. I remember when I was that bouncy! Secondly, this Cloud stuff is very busy and noisy by all accounts. I’m still waiting for Air Traffic Control to come and sort this mess out!

But as I was walking around the show, I had a feeling that I got when I watched Chitty Chitty Bang Bang many years ago, when the Child Catcher turns up with sweets and ice cream, all of which were free.

Until of course the cage is closed and the pretty decorations come down!

Don’t forget: if you do set up on Cloud, make sure that you can migrate away should you need to, or you may end up with a larger bill than the CIO was expecting.

Trouble is, this has been broken. So you say, oh dear, they will send out a fix. Well, the fix has been out since 2006. But the websites are in somewhat of a chicken and egg problem.

The normal browsers, including IE, Chrome, FF etc., are set at version 1.0, although most can use 1.2, which is the most secure. If they did force you to use this level, then quite a few of the commercial sites would refuse to work :o( and of course the site would lose web traffic.

So, they decided to leave it. Now, of course, it is going to come and bite them, as they have left open a way for an attacker to hijack the session. Trouble is, you will not know.

You will turn up at the right website and be unaware of anything being wrong. You will see the lock in the browser, and to the normal person everything would be fine.

So, my suggestion is to convince Google and other search engines to rate the websites' positions by what SSL level they are using. So, the safe ones that use 1.2 are the ones that don’t.

Personally, I think you would then find a lot of websites migrating to the secure version, which would then make the more secure site the default standard. A quick tweak to the browser security settings and everyone would be using 1.2 in a short space of time. Then the hackers would have to crack 1.2, which is going to be a lot more difficult.

The search engines then get the credit for providing a more secure internet. The banks have very little excuse. They should have completed this upgrade many moons ago.